90006848

open access

Accepted Manuscript

A study of IoT malware activities using association rule learning for darknet sensor data

English (英語)

International Journal of Information Security

19(1)

83-92

Springer

2020-02

2021-03-01

Along with the proliferation of Internet of Things (IoT) devices, cyberattacks towards these devices are on the rise. In this paper, we present a study on applying Association Rule Learning to discover the regularities of these attacks from the big stream data collected on a large-scale darknet. By exploring the regularities in IoT-related indicators such as destination ports, type of service, and TCP window sizes, we succeeded in discovering the activities of attacking hosts associated with well-known classes of malware programs. As a case study, we report an interesting observation of the attack campaigns before and after the first source code release of the well-known IoT malware Mirai. The experiments show that the proposed scheme is effective and efficient in early detection and tracking of activities of new malware on the Internet and hence induces a promising approach to automate and accelerate the identification and mitigation of new cyber threats.

Darknet traffic analysis

学術雑誌論文

© Springer-Verlag GmbH Germany, part of Springer Nature 2019. This is a post-peer-review, pre-copyedit version of an article published in International Journal of Information Security. The final authenticated version is available online at: https://doi.org/10.1007/s10207-019-00439-w